Cookies

How It Works: Cookies
Cookies can track your Web activities. Learn how they are created and where you'll run into them.
Cookie: a data file written to your hard drive by a Web server that identifies you to a site.
Helps a Web site "remember" who you are and set preferences accordingly when you return.
Eliminates the need to repeatedly fill out order forms or re-register on Web sites.
Allows Web sites or advertising companies to track your Web surfing behavior or patterns.

It's nice to be recognized. On the Web, sites can greet you like an old friend thanks to cookies. Beginning with Navigator 3.0 and Internet Explorer 3.0, browsers have worked with Web sites to record these small bits of identifying information on your hard drive, which the sites can use to track your activities and recognize you when you return. Cookies are now ubiquitous on the Web, but users, businesses, and consumer groups debate the nature of these tiny files: For some, they promise a more user-friendly Web; for others, they pose a privacy threat.
When you visit a site that sets cookies, commands embedded in the page cause your browser to contact the site's server. The server sends information back to the browser, where it's stored in a particular place on your hard drive. Different browsers store cookies in different places: Netscape Navigator maintains a file called cookies.txt that contains all cookie records from every site that creates a cookie. On a PC running Windows, Internet Explorer stores its cookies in the C:\windows\cookies directory. When you return to a site, the server queries your browser to find the cookie it created before, and the browser sends the cookie's information in response.
Cookies come in two varieties: Session cookies and persistent cookies. Session cookies clear out after you close the browser window (ending the session) and often are used by "shopping carts" at online stores to keep track of items you want to buy. Persistent cookies are set by news sites, banner ad companies, and others who want to know when you return to a site. These files reside on your hard drive after you leave the site.
Both types of cookie files contain the URL or domain name of the site you visited and some internal codes that indicate which pages you visited. Persistent cookies add the last time you visited the site and how many times you've been there. They usually contain a code that becomes your unique identifier, which lets a site know that you've been there before. Some cookies can contain personal information, such as a name or e-mail address, but only if you've given that information to the Web site. Contrary to popular rumor, cookies can't "steal" your name or e-mail address if you don't give it out.

Caught With a Hand in the Cookie Jar
If you surf the Web, you likely have plenty of cookies on your hard drive. Nearly all commercial Web sites (including PC World.com) set cookies, as do noncommercial sites that carry advertising. Probably the only sites that won't prompt your browser for cookies are personal home pages that don't carry ads and originate on local or regional Internet service provider servers. Cookies are often fewer than 100 bytes, so they won't affect your browsing speed. But because browsers are set to accept cookies by default, you may not know one has been placed; if you are concerned about your privacy, you may want to avoid sites that use them.
Cookies perform myriad functions for both Web surfers and Web sites. For the user, they make the Web more convenient. Sites that require registration, such as the New York Times' site, place a cookie on your hard drive with your user name and password; the cookie logs you in each time you visit. Personalized Web pages, such as My Yahoo, use cookies to customize the page with news, stock quotes, and other information that you indicate you want to see. Online stores use cookies to record purchases in electronic shopping carts before you leave the site. Those sites may also use cookies to help with order forms, so that the next time you buy something, the shipping and billing information gets filled in automatically.
For businesses, cookies can play a role similar to that of a salesperson. Some shopping sites, such as Amazon.com, tie your purchase history to your cookie. These sites can make on-the-fly recommendations for new books or music based on your tastes, thanks to a database they keep that includes your unique ID and purchase history. The vast majority of Web sites (as well as advertisers) also set cookies to track how many individual users visit the site. The resulting numbers are now seen as a measure of how busy a site is.
Some consumer groups claim that cookies have a dark side: reduced user privacy. Cookies track where you've been and what you've looked at on the Web. A visit to a single site can result in several cookies, and not all of the cookies report back directly to the site you are visiting: Some send the information to the site's advertisers. Cookie Central, a clearinghouse for cookie information, states that some Web advertising companies, including FocaLink and DoubleClick, surreptitiously set cookies that report back directly to them and keep track of your cookies with a database. By cross-referencing various cookies they have on you, they can profile your interests, spending habits, and lifestyle to target-market products to you. And as Net advertising companies grow and buy out related firms--as DoubleClick recently did with direct-marketing agency Abacus Direct--more people are growing concerned about how information gathered through cookies will be used. Using data Abacus may have on you, such as your name and address, DoubleClick could use its cookies, which contain a record of your surfing habits, to create a profile of your activities. You do have a say in this: Browsers include features to block cookies. Both Communicator and IE let you disable cookies completely or will prompt you when a cookie is being set. Communicator includes an option to accept only cookies that get sent back to the originating server. But because some sites contain so many cookies, it's often not worth being notified: You could spend a lot of time approving or denying cookie requests.
Instead of using your browser to block them, you can run utilities that remove cookies from your hard drive, such as IEClean or NSClean, Cookie Crusher, and Cookie Cutter. For even more protection, sites such as The Rewebber and tools such as Zero Knowledge's Freedom mask your identity while surfing, so even if a site places cookies on your hard drive, it has no idea who you are.

More information from www.cookiecentral.com

Q. Can cookies be used to get a "snap shot" of my hard drive? Is this done? and how?
A. Cookies cannot be used to get data or view data off your hard drive, early Javascript implementations could allegedly do this. This problem has been plugged along with more serious Java exploits, and no-longer poses any threat. A server can only get data from the cookie it wrote to the cookie file. The server must be on the same domain from which the cookie was set.

Q. Can someone from one site access the cookie information written by another site?
A site can only access a cookie that has been set from its own domain, It cannot access any other cookies from your computer. Sites could access other site's cookies, again this problem was plugged a long time ago.

Q. Is there a way to see the cookies that a web site has set?
A. Cookies are stored in memory until you exit your browser, so it's not possible to see the current cookies you've accepted in the cookies.txt file until you quit. If you type JavaScript:alert(document.cookie); into the address bar, when you are logged onto a site, it is possible to see the cookies which have been set from that domain. For example, if you log onto the Doubleclick site and type the above command, you should see your user id for the Doubleclick network. You can test this on this site, by clicking here, you should see an alert box listing all the cookies we've set. This only seems to work with Netscape 3 and Netscape Communicator. It also does not work with Microsoft's Active Server Pages (Asp's), where a security violation is created when this command is used.

Are there other means of tracking web surfers than cookies?
There is many ways in which you are traced on the web; cookies are seen more like a personal tag, some people see then as the most invasive of privacy. They are the only tracking device that we can control. Every time you log on to a web site you give away a lot of information:
Service provider.
Operating System.
Browser type.
Screen resolution and amount of colors. (only in IE)
CPU type.
Your service provider's proxy server (if used).
You IP address (again, this changes)
What server you were on last

You can stop this information from being given away by going to Anonymizer ; this site works like a proxy server, which also filters cookies.

Q. Are cookies a from big brother the same as ones in a online shop?
A. Well there is a bit of both, the function of the cookie is the same but they can be implemented in different ways. Cookies can be used to store information about where you go, and what banners you click, so companies can put specialized Advertisements and data which appeal to you. It's a bit like someone putting a tag on you when you go into a supermarket and then following you around the store. Some folk consider this loss of privacy offensive. But also they can be used for innocent things like storing what you have brought in an online shop, by assigning an ID number in a cookie. But whatever they are used for, they are the same thing. They are a valuable function on the web, for accomplishing a number of things.

Q. I set my browser to alert me before accepting cookies. In the dialog box in which the cookie offer is made, there is always the implicit threat that if you do not take the offer, you will not be able to enjoy the site you are visiting as well as you anticipate?
A. While not accepting a cookie will probably not reduce the experience of the site, obviously if you go into a online shop and reject a cookie you cannot shop properly. It is possible for a site to not operate properly if cookies are not accepted. I do not know how many fall into this category right now. Cookies was firstly developed by Netscape and now implemented by the RFC, so they want cookies to be used, the message box is just telling you that the site you are entering may not function properly if you do not accept the cookie, most sites work fine if you decline a cookie. It's is the persons opinion whether to accept cookies or not, Most people do not set their browser to warn them before accepting cookies because it becomes really annoying when a site wants to set 10 cookies. It would be quite easy for Netscape or Microsoft just to decline cookies automatically but this may render them useless. I work on the theory that there is less harm declining them than accepting them, this works for me. Please note the final version of Netscape Communicator and the betas, has options to automatically reject cookies.

Q. What Use Is The Information We Reveal To Web Sites?
A. The information that people reveal to each Web site they visit can be used by system administrators to build extensive personal profiles of visitors. By automatically placing a Cookie on visitors' Web browsers, Servers register data on the Cookie. This allows administrators to view the history of site's users has last visited before they enter that site, the advertisements they have viewed and the online transactions they have conducted. Again, sites can only access cookies from their own domain. While Cookies can be useful in some situations (for example, in saving a user's password to a particular site), some people constitute this as invasion of privacy. Remember a web site only knows the data that you have entered.

Q. Why Do Some People Dislike Cookies?
A. Cookies are sometimes disliked because they can set and perform functions without the user knowing. But couldn't one view computers in general as setting and performing functions without the user knowing? My machine swaps programs in and out every few seconds without telling me about it. Some people do not like a file that may contain a cookie with information about where they have been, and what they do, if they can stop it. This type of information that is invaluable to some companies. Cookies are usually used for simple things like to store your specification of your start page, or your user id's and or passwords, but like most things they maybe manipulated to do bad things. Cookies can be used to track you on the net, what sites you go to what you like and so on. This is not the only your tracked by big brother on the net, for instance when you submit an auto search in Internet Explorer it's routed through Microsoft servers. Cookies were originally designed to maintain state in the stateless environment of HTTP. So it made it possible to store page settings, or user ids. A cookie can contain any data that an administrator wants.

Q. How Do I Stop Cookies In Netscape?
A. In the Netscape directory there should be a file called cookies.txt (or magiccookie on the Mac). Search for this file if you cannot find it. This file is where all the all the cookie entries are found. You can delete the contents of this file regardless of the warning at the top of the page. After the contents have been deleted save the file and set its attributes too read-only, hidden and system. This will stop cookies from being set persistently on your disk, but it will not stop cookies from being set in memory while Netscape is running. When you exit Netscape these cookies will be cleared. This is probably a good alternative to have Netscape alert you when a site wants to set a cookie, as this becomes more of an annoyance than a prevention. Another good way to stop cookies is to use some software.

Q. How Do I Stop Cookies In Internet Explorer?
A. Internet Explorer 3.0 no longer stores cookies in a single file, but each cookie as a separate file in the windowscookies directory. This makes it harder to stop cookies, but if you want to stop individual cookies, like the doubleclick cookies, you can corrupt the cookie by deleting the contents then saving the file and setting its attributes read-only, hidden and system. This means when you log onto a site that has set that cookie it cannot read any information off your cookie or give you a new one. In a fashion similar to Netscape you can set IE to alert you before accepting cookie. To do this go to the View Menu | Options | Advanced tag and click on "Warn Before Accepting Cookies."